Peninsula PressNews, multimedia and data journalism from Silicon Valley. A project of the Stanford Journalism Program.2015-03-03T00:24:29Zhttp://peninsulapress.com/feed/atom/WordPressJessica Parkhttp://peninsulapress.com/?p=37222015-03-02T21:40:09Z2015-03-02T21:39:39ZIn a move that could bring in more competition for Tesla Motors Inc., Cupertino-based Apple, Inc. is working on its newest product: an electric-generated car.

The Wall Street Journal broke the news on Feb. 13 about Apple’s project nicknamed “Titan,” which currently has hundreds of people working to create the company’s first automobile. Journal reporters Daisuke Wakabayashi and Mike Ramsey reported that the new car will be more “down-scale” and will resemble a mini-van unlike Tesla’s roadster Model S.

The Model S, Tesla’s most sought-after vehicle on the market right now, is considered to be the luxury car in the realm of electric cars. With a base price staring at around $70,000, Tesla cars may not be in the price range for most average car buyers.

Tesla’s Model S. (Photo courtesy of Tesla Motors.)

This is where Apple intends to play. Apple already has one foot in the automobile industry with its “CarPlay” that it released in 2014. “CarPlay” allows drivers to connect their iPhones to their cars, making it much easier and safer to use their phones while driving.

But besides this new product, Apple is leaving everyone in the dark about the design and price of its future car. The company hasn’t made any public statements regarding the exterior or interior of the design, besides revealing that the car will resemble a mini-van. It also hasn’t made any announcements on the car’s base price and if the number will reflect Tesla’s current price or other much cheaper prices.

However, Business Insider did include a quote from former Apple Board Member Mickey Drexler in an article published Feb. 14, alluding to the late Steve Job’s vision for future Apple products. “Steve Jobs, if he had lived, was gonna design an iCar. I think cars have an extraordinary opportunity for cool design,” Drexler told Business Insider.

The electric vehicle market isn’t new. Nissan came out with the initial model of its Nissan Leaf back in 2013. However, Nissan along with other companies like Ford and BMW all released new electric models this year — unlike Tesla, which has pushed back its release date for its Model X car for later this year or even for 2016.

Unlike Tesla’s high starting price for its current Model S, Nissan’s 2015 Leaf model, BMW’s i3 and Ford’s Focus Electric all start at $29,000, $42,000 and $30,000 respectively. All this could prompt companies to worry about competition in the same niche market, but not Tesla’s Chief Executive Officer Elon Musk.

During the company’s second quarter earnings call last June, Musk couldn’t suppress his laughter after being asked about the threat BMW’s i3 model posed on Tesla’s Model S.

After pulling himself together, he said: “I’m glad to see that BMW is bringing an electric car to the market. That’s cool. There’s room to improve on the i3 and I hope that they do.”

And even with all of the setbacks the company faced last year with delays in deliveries for the Model S P85D caused by weather conditions and shipping problems, Musk doesn’t believe there’s anything to worry about. In fact, he has said he welcomes the competition.

Tesla hasn’t directly spoken up about its thoughts on Apple’s latest project, but unlike his response to the BMW i3, Business Insider Deputy Editor Jay Yarow has said he believes Musk will welcome the competition as it grows the market.

“Because the more electric cars there are in the world, the more normal it seems. The more normal it seems, the easier it is for Tesla to sell cars,” said Yarow in his Feb. 14 article. “Tesla is the pioneer in this space.”

Yarow added: “By the time the Apple Car hits the market, Tesla should be on its third-generation car.”

Back in 2014, Musk indicated on the company’s blog that the company would allow others to use Tesla’s patents to create more electric-generated vehicles.

“They (the patents) have been removed, in the spirit of the open source movement, for the advancement of electric vehicle technology,” Musk said. “If we clear a path to the creation of compelling electric vehicles, but then lay intellectual property landmines behind us to inhibit others, we are acting in a manner contrary to that goal.”

But this isn’t to say Tesla isn’t carefully watching the competition. In the company’s shareholder’s letter prior to its fourth quarter earnings call that took place on Feb. 11, Tesla reported a significant increase in spending in its research and development expenditures.

The Palo Alto-based company spent $139 million in research and development during the fourth quarter, up 100 percent over the $68.4 million it spent during the same quarter last year.

Musk said he anticipated 55,000 deliveries in 2015, a total of 500,000 deliveries by 2020 and millions by 2025.

The company said it will also finally be revealing its Model X in either the latter half of this year or early next year. It is also working on creating an electric car that will be more appealing to all consumers. The Gen III will start at approximately $30,000 dollars but will not available to the masses for another three to four years.

But for now, even with all of this buzz, Tesla’s biggest match-up could prove to be just talk.

The Wall Street Journal also reported on Feb. 14 that Apple could decide to “not proceed with a car” and instead, use the car parts for its other famous Apple products.

Since the fourth quarter earnings were released on Feb. 11, shares of Tesla’s stock dipped 9.6 percent to open at $193.57 on the NASDAQ Stock Market. However, even with the disappointing results and the announcement of Apple’s future in the auto industry coming out in a matter of two days, Tesla’s shares have been steady, staying above $200 all week.

On March 2, its opening price was valued at $202.75, down 2.63 percent from last Friday.

These are some of the lyrics of the first stanza to a rap song called “Beef,” by Boogie Down Productions in 1990 — a song that inspired Bryant Terry, eco-chef, author and food justice activist based in Oakland, to promote healthy and affordable food choices for all, regardless of income, geography or race.

Terry visited Stanford on Jan. 31 to lead a workshop on cooking and food justice. His seminar was the final event of Environmental Justice (EJ) Week, a week of events dedicated to educating and raising awareness of the EJ movement. This week-long series, during the last week of January, was organized by an EJ subgroup of Students for Sustainable Stanford, a group interested in the connection between human-rights issues and environmentalism. The goal of the movement is to more evenly distribute environmental burdens, like suffering from air and water pollution due to location near an industrial or waste disposal plant, and benefits, like adequate public transportation.

The environmental justice movement emerged in the 1980s, calling for fair development, implementation and enforcement of environmental laws, regulations and policies, regardless of race or income. Generally, the communities most affected by environmental issues are high-poverty and racial minorities. These communities account for 20 percent of human health impacts from industrial toxic air releases, mostly due to poor geographic location and the inability to raise voices against the large corporate polluters. Fortunately, their voices are being heard and actions implemented at universities around the country.

For example, student activist groups at Stanford partnered together to raise awareness of these issues, and to strengthen ties between disparate groups that share a common aim to address institutional discrimination.

Food justice, part of environmental justice, focuses on ensuring equitable benefits and risks of how food is grown, processed, transported, distributed and consumed. In our modern world of highly industrialized food systems, environmental food justice activists, like Terry or Jenai Longstaff — an EJ Group Organizer and Stanford undergraduate — address the increasing disconnect between people and their food.

“We hope the EJ Week is not the end of this conversation of how we raise awareness,” said Maria Doerr, another EJ Group Organizer and Stanford undergraduate. “Because we had multiple events with such diverse groups, we can encourage them to continue to collaborate and continue the dialogue on environmental justice issues.”

Rheingold will be retiring from teaching this quarter after ten years at Stanford. He shared some of his story and plans in advance of a dessert celebration that will be hosted by the Stanford Department of Communication at McClatchy Hall on March 3 at 1 p.m.

(Editor’s Note: Peninsula Press is a project of the Stanford Journalism Program, where Rheingold has been a lecturer. Author Mandy Zibart is a thesis advisee of Rheingold’s.)

Rheingold started writing about social technology as a journalist, and he participated in the first online communities about a decade before most people had access to the Internet. He described feeling a sense of community that most people only experienced offline, a deep connection to people with whom he developed close friendships, celebrating weddings and even attending funerals, despite having exclusively online interactions previous to these events.

His unique perspective in the world of technology and journalism led him to an opportunity to teach digital journalism at Stanford during the time his daughter attended the school. While teaching digital journalism, he branched into teaching other curriculum focused on social media skills related to awareness, identity, collaboration and social capital, when he noticed a dearth of information being offered to students by educators in this domain.

In the spirit of movement and “time not being infinite” as he said during a sit-down interview at his home in Marin County, he will be leaving Stanford to focus on developing craft and electronic skills to make more interactive art.

]]>0Sabrina Elfarrahttp://peninsulapress.com/?p=27612015-03-02T21:39:25Z2015-02-20T00:29:36ZA Stanford senior studying computer science, Rafael Cosman decided to put his education to what he considers a worthy cause: teaching East Palo Alto students how to code.

The project started last summer with CodeCamp, a four-week intensive curriculum where East Palo Alto youth gathered to learn coding and other technical skills and participated in a hackathon where they each built a website or online features to improve society in some way.

“Our goal is to take East Palo Alto and Silicon Valley and plug them together,” Cosman said. “We want there to be startups coming out of East Palo Alto.”

As impactful as CodeCamp was, Cosman and his classmate, friend and partner in this endeavor, Shadi Barhoumi, decided they needed to invest more time to create real change. Using their contacts in East Palo Alto, they have created a new educational coding experience: StreetCode Academy, which launched this past November.

“What we realized from CodeCamp is that it’s not enough to have a coding summer camp or a coding class. None of those things by themselves are enough. What you need is an ecosystem,” Cosman said.

Unlike CodeCamp, StreetCode will last throughout the school year and beyond. Cosman thinks a long-term technical experience will give EPA students the tools to stay in the area in which they grew up. Cosman and Barhoumi met with executives from Google, Facebook and other top companies in the area, along with some of their EPA students, where the executives advised the group of ways they can prepare to apply and receive internships at their companies.

“I think that East Palo Alto has a lot to offer Silicon Valley because it’s got this great culture and great community focus,” Cosman said. “The things that we’ve seen our students do using technology have been very different than what Silicon Valley has done.”

“The things that we’ve seen our students do using technology have been very different than what Silicon Valley has done.”

One example of a CodeCamp prodigy is Daniel Chatman, an East Palo Alto native. Through the creators of the nonprofit Live in Peace, an organization that teaches students how to play different instruments as a means to keep them focused, Chatman met Cosman and Barhoumi and decided to enroll in CodeCamp. His decision not only opened career doors for Chatman, but it also inspired him to create a website called Ambition Spotlight, where he highlights the creative work of people in East Palo Alto and beyond — a LinkedIn for people with atypical career paths.

Cosman is graduating from Stanford in June and plans to continue working with his students in East Palo Alto for the foreseeable future.

“We’re not just a couple of Stanford students making another nonprofit in East Palo Alto,” Cosman said. “Because that happens a lot, and frankly, they’re kind of sick of it. We’re in this for the long haul.”

]]>0Ileana Najarrohttp://peninsulapress.com/?p=36062015-03-03T00:18:38Z2015-02-14T21:29:31ZInternational cooperation among law enforcement agencies is key to investigating cyber crimes, according to a panel of federal law enforcement officials and security network experts who spoke at the White House Summit on Cybersecurity and Consumer Protection Friday.

The discussion, hosted by Stanford University and moderated by Assistant Attorney General Leslie Caldwell, addressed the ongoing challenges law enforcement and the private sector face in combating cyber crimes, as well as ways in which global collaborative efforts can, and have, offered faster and more effective solutions.

Federal law enforcement officials and security network experts discuss the important of international cooperation to solve cyber crimes at a panel during the White House Summit on Cybersecurity and Consumer Protection on Feb. 13. (Ileana Najarro/Peninsula Press)

Kevin Mandia, senior vice president and chief operating officer of the network security company FireEye Inc., said that in order to take appropriate actions against foreign cyber-threats, the company needs to be able to identify who committed the crime.

The problem: outside of Western countries, that’s increasingly harder to do.

“The challenge is safe harbors are international,” Mandia said.

Mandia argued there are no deterrents for hacking a Western nation from places like Iran, Iraq and Syria. Without knowing exactly who’s responsible, penalties can’t be imposed, he added.

That’s where global collaboration across law enforcement agencies comes into play.

Mandia said that greater information sharing with partners overseas would grant countries like the U.S. critical on-the-ground facts that aid in better identifying cyber criminals around the world.

Ed Lowery, assistant director of the Office of Training at the U.S. Secret Service, said that the assistance of law enforcement agencies in countries such as Switzerland, Spain, Costa Rica and the Netherlands in 2013 was key to the arrest of former U.S. citizen Arthur Budovsky in Spain who created Liberty Reserve, a digital currency infrastructure that was used for money laundering scams around the world.

Joseph Demarest, assistant director of the Federal Bureau of Investigation’s cyber division, pointed to the example of Operation Clean Slate, a FBI-led effort launched in 2013 that brought together international law enforcement partners and private sector players like Microsoft Corp. to prioritize and remediate cases of malicious software known as botnets.

Still, many countries — especially developing countries — don’t have the capacity to address or even understand cyber threats, according to Bilal Sen, an expert on cyber and emerging crimes at the United Nations Office of Drug and Crime.

For instance, a 2013 United Nations threat assessment report on transnational organized crime in East Asia and the Pacific noted there is no set protocol for reporting unlawful cyber activities related to child pornography and sexual abuse of children in the region.

For its part, Sen noted that the United Nations has been running programs that support local criminal justice systems to both prosecute and prevent cyber crimes, especially in countries like Cambodia and Indonesia.

“We believe we are playing a role to prevent the creation of safe havens for perpetrators,” Sen said.

He added that the United Nations plans to launch an online cyber crime repository next month that includes cyber crime laws of several countries, case laws and best practices.

Jamie Saunders, director of the National Cyber Crime Unit of the United Kingdom’s National Crime Agency, said that countries need to develop the capacity to recognize and address cyber threats and consistently enforce rules of conduct.

“There should be clear expectations of what kind of behavior is accepted from countries if they are going to participate and benefit in the digital economy,” Saunders said.

It’s key, Saunders said, that law enforcement and the private sector work together to develop necessary tools to ensure cyber criminals are stopped before they adapt to and corrupt new infrastructures.

“What I think we need is clear expectations of what is reasonable to expect individuals and individual businesses to do and what is a reasonable expectation for governments,” Saunders said.

That was the question asked by a panel at the White House Summit on Cybersecurity and Consumer Protection held Friday at Stanford University.

Given that two out of three security breaches exploit weak or stolen passwords, according to a Verizon 2014 Data Breach Investigations Report, and that more than 13 million Americans were victims of identity theft-related fraud in 2013, according to another report by the Consumer Federation of America, password management is one of the biggest cybersecurity concerns.

CLICK IMAGE TO EXPAND. (Infographic by Yuqing Pan/Peninsula Press)

“ID fraud is not going away, it’s only getting worse. There’s no silver bullet. And passwords on their own are not 100 percent effective,” LexisNexis Chief Executive Officer Mark Kelsey said Friday.

That is certainly not helped by the fact that the most popular passwords in 2014 were still “123456”, “password” and “12345”, according to SplashData, Inc. a password security company, which compiled millions of stolen passwords made public last year.

Even if people do create longer and more secure passwords, the problem is – they are more likely to forget them. Password refreshing can be time-consuming and costly, said Kelsey.

Asking people to change their password frequently doesn’t help either. In fact, it hurts security because when people have to change their passwords, they choose weaker and weaker passwords, said Lorrie Faith Cranor, a professor of computer science, engineering and public policy at Carnegie Mellon University.

So what’s the solution? One possibility is multi-factor authentication, a system that employs multiple security steps, such as something you know (your password) and something you have (your phone). The two-step verification is widely used by Google, Dropbox, Twitter and Facebook. Apple has recently added two-step authentication to iMessage and FaceTime.

“We owe them (consumers) nothing less than the best protections that we can possibly provide by harnessing the technology at our disposal. We must get this right,” Apple Chief Executive Officer Tim Cook said at the summit.

Another step, recently taken by the U.S. Automobile Association includes facial and voice recognition. The association is trying out that technology on its mobile app to bolster PIN protection. Users can log in with a tap of their smartphone camera and a blink when prompted (to prove they’re a live person and not a photo). They can also log in by speaking into the phone.

While businesses are pushing for more security measures, consumers are too.

“Consumers who are coming to us and say, ‘I want to take control of my own identity, I don’t trust the government, I don’t trust Google,’” said Stina Ehrensvard, CEO and founder of identity protection company Yubico, an international identity protection company based both in Palo Alto and Sweden.

Yubico launched its product – the Yubikey – last year. Yubikey is a USB stick that can be plugged in a computer or a smartphone to ensure a secure online login. In addition to typing in the password, the user can tap on Yubikey to generate a code – which changes with every login –and authenticates the user.

A panel at the White House Summit on Cybersecurity and Consumer Protection on Feb. 13 questioned the future of passwords. (Yuqing Pan/Peninsula Press)

At the same time companies are attempting to make identity more secure, some are trying to make identity management simpler.

Virginia-based ID.me is an identity verification network that allows users to prove their group affiliations – such as military, teacher, student – online. They can then use this “portable” credential across different online platforms. For example, a veteran can use his troop ID to create a portable ID so that he can use it to get a veteran’s discount at an online retailer or access his medical records in a Department of Veterans Affairs hospital.

“We don’t believe that consumers should have to create a new account every time he visits a website, we believe they should be able to use trusted credentials,” said Blake Hall, CEO of ID.me.

“I don’t think we are going to get rid of the password anytime soon, as much as we’d like to,” added Carnegie Mellon’s Cranor. “In the short term, we are going to augment them.”

The transition to new forms of password protection won’t necessarily be an easy one. Steve Emmert, senior director of government and industry affairs at Reed Elsevier Inc., an attendee of the cybersecurity summit, raised question about the use of biometrics.

The use of facial recognition or fingerprints is not protected by the Fifth Amendment against self-incrimination, Emmert said. A Virginia court last year ruled that police officers can force criminal suspects to unlock their phones with a fingerprint scanner, even though they cannot force them to divulge cell phone passwords.

“It is going to dramatically undermine biometrics if users can be forced to give up access of their devices, with more and more data on those devices,” said Emmert.

Another issue facing password management is its use across different devices. Users find it frustrating to generate a complicated password on a laptop, only to find it painful to type it on tablets, let alone a wearable device.

“Some of the solutions are getting us there, but from a usability perspective, I’m not sure there’s a ‘one there’ yet,” said Cranor.

CORRECTION – Editor’s Note (2/18/2015): In this story originally published Feb. 14, 2015, Peninsula Press had a transcription error in LexisNexis Chief Executive Officer Mark Kelsey’s first quotation. The corrected quote appears in the story above.

]]>1Liam Kane-Gradehttp://peninsulapress.com/?p=35742015-03-03T00:18:55Z2015-02-14T20:41:02ZNearly 90 percent of Americans believe identity theft is a serious problem in the U.S., according to a 2014 study by TaxAudit.com. It turns out they are correct.

“The U.S. is responsible for 25 percent of worldwide credit card use, but 50 percent of credit card fraud,” Maria Contreras-Sweet, administrator of the U.S. Small Business Administration, told a panel on payment security at the White House Summit on Cybersecurity and Consumer Protection held Friday at Stanford University.

In introductory remarks, Maria Contreras-Sweet, administer of the U.S. Small Business Administration, emphasized the growing concern over U.S. payment fraud. (Catalina Ramirez-Saenz/The Stanford Daily)

She noted that credit card fraud also is growing faster here than that in other countries. U.S. credit card fraud grew 29 percent to $7.1 billion in 2013 versus just 11 percent in the rest of the world, according to Business Insider.

The reasons for this are many. For one, the U.S. lags Europe in adopting the EMV standard, which involves embedding a chip inside each credit card. The chip generates a unique code each time it is used in-store and makes creating counterfeit copies of physical credit cards virtually impossible. The switchover to EMV credit cards in Europe countries took place a decade ago.

The booming U.S. economy also has led to increased opportunities for cyber predators, whom industry leaders term “bad actors.”

Payment systems in the U.S. transfer nearly $4 trillion a day, or almost 25 percent of the country’s GDP, a sum panel moderator Sarah Bloom Raskin — deputy secretary of the U.S. Department of Treasury — called “mind blowing.”

The number of payment options customers have today — cash, credit card, debit card, prepaid cards, signature debit cards, mobile phones and online payment systems, to name a few — has created further opportunities for cyber hackers.

“Vulnerabilities for mischief are myriad,” Raskin said, referring to the increasing combination of payment systems.

“The fact is, there are just better ways to do [things] than we have today,” Visa Chief Executive Officer Charles Scharf said on the panel.

Visa, for instance, has begun rolling out EMV-enabled cards, which operate at point-of-sale terminals as well as automated teller machines. By the end of the year, Scharf said he expects that half of the Visa credit and debit cards and processing equipment will contain EMV chips or readers. EMV reduces face-to-face fraud by 75 percent, he said.

But EMV cards won’t completely solve the country’s payment security problem. “We’re also sensitive to the fact that as the brick-and-mortar world becomes more secure as we roll out [EMV] technology, those bad actors are going to increasingly shift online,” QVC, Inc.’s Chief Executive Officer Mike George said.

PayPal, Inc. President and CEO Dan Shulman said his company allows customers to make payments without sharing sensitive financial information, requiring only an email address or phone number to complete an online transaction. This process of “tokenization” essentially involves replacing an account number with another form of identification.

Bancorp’s Chief Executive Officer Richard Davis said the concept of tokenization would improve safety across industries: “Think of it as Mr. Phelps on ‘Mission Impossible’ where in 10 seconds, the item will self-destruct.”

EMV and tokenization could mean the end of signing for credit card purchases and entering PINs. “Both signatures and PINs are static forms of authentication that can be copied or re-used for fraud,” Stephanie Ericksen, Visa’s vice president of risk products, said in a written statement to Peninsula Press. “For the future of payment security, we want to build and invest in more dynamic security measures like chip and tokenization which help make stolen information useless to criminals.”

Stanford professor John Mitchell, an organizer of the event, said in an interview that tokenization could solve one of the biggest concerns for financial institutions. “Taking the merchant, in effect, out of the loop — so that the merchant never gets something that they could use in a devious or fraudulent way — is a huge issue for banks and credit card issuers.”

Mitchell added that he expected digital tokenization to be used for non-payment cards, like driver’s licenses and passports. “Ten years from now, instead of having a phone and a physical wallet, we’ll all be carrying around one thing,” he said. “Of course, we’ll have to be careful not to lose that one thing.”

But until tokenization becomes universal for both online and in-store payments, there’s a whole other side of payment security: stopping data breaches.

When the restaurant chain P.F. Chang’s was hacked last year, the company pressed into use old-fashioned knuckle busters, which make a physical impression of embossed information on the face of a credit card for processing at the end of the day — somewhat like the way checks used to work. Using knuckle busters makes it so that there is no data to steal from servers.

PayPal’s Schulman says the average American company is hit by seven million hacking attempts each year. QVC’s George added that online security often can be improved by simply educating a company’s employees.

“We employ sophisticated gaming technologies to engage our own associates in understanding how our company is as secure as the most vulnerable employee and what he or she decides to do with their PC,” he said.

Also, “[we] will tell our employees that we are going to send out a spurious phishing expedition. It looks like someone has emailed you and is trying to tell you to click on a link for some reason. And when they click on it, we’ll explain to them why they should not have clicked on that link, and help them learn.”

Schulman added that as security becomes more important, large payment processing companies have an advantage. “Scale is a very important differentiator, only insomuch as the data that we have and our ability to do our analytics around it,” he said. The company’s analytics use collected data to predict when fraudulent purchases are taking place.

With the threat of cybersecurity breaches especially severe in the U.S., President Obama on Friday signed an executive order to promote expanded information sharing between the government and the private sector.

The goal, according to the White House is to “[ensure] that U.S. companies work together to respond to threats, rather than working alone.”

Indeed, despite ferocious market competition, panelists said they are beginning to coalesce where security is concerned.

Bancorp’s Davis said he is seeing more cooperation within the financial marketplace and hopes it will become commonplace. “For the first time a banking contingent that has always competed have said, ‘Wait. Let’s not compete. Let’s work together on this one thing.’” Davis said he believes other industries will follow suit.

]]>0Ariha Setalvadhttp://peninsulapress.com/?p=36222015-03-03T00:19:14Z2015-02-14T19:49:16ZThe executive order President Obama signed Friday would make it easier for government agencies and private companies to share information in case of a cyber attack.

But company executives and others who attended the White House Summit on Cybersecurity and Consumer Protection are far from agreement when it comes to embracing the idea of information-sharing with the government.

Companies are worried that sharing private information with the government could open them up to lawsuits or regulatory action.

Privacy advocates are fearful such an exchange could create another venue for the government to collect Americans’ personal information, especially in the post-Edward Snowden era.

Experts say the executive action signed by Obama isn’t likely to fully address either of those major issues, causing some to question how much the White House can actually accomplish.

The privacy-versus-information debate took center stage at one of Friday’s panels. The discussion among panelists that included Symantec’s Chief Executive Officer Michael Brown, FirstBank’s Chief Executive John Ikard and Jennifer Granick, the director of civil liberties at Stanford’s Center for Internet and Society was relentless. The issues remained unresolved.

Information sharing has been at the heart of much proposed federal legislation. But Congress has yet to come to a consensus on an information-sharing bill. There’s no sign that’s going to change soon.

Granick said there are three key unresolved issues: The government should not be allowed to tap into private networks; there should be no exemptions to privacy laws for the government; and the federal government needs to recognize that increasing penalties for violations of the Computer Fraud and Abuse Act won’t motivate companies to be upfront about revealing breaches. Granick also pointed out that companies are worried that they might be held libel for revealing a breach that may be construed as a mistake.

“North Korea isn’t going to stop hacking Sony just because all CFAA (Computer Fraud and Abuse Act) crimes are now 10-year felonies instead of misdemeanors,” she said. “But the people who are going to be chilled by that are researchers who are developing threat information and want to share it with the public.

FirstBank’s Ikard also questioned parts of Obama’s order.

“How much does [a company] share? How much intimate information can [a company] give [the government]?” he asked. “Even though this partnership would be a great source of information sharing, we still need legislation in place to allow [companies] to release information in a confidential setting.”

But others said they were encouraged by the President’s executive order, calling it an encouraging step in the right direction.

Symantec’s Brown said it would help keep the administration’s cyber agenda in the public discussion and provide more details on some of the more opaque parts of the White House’s agenda on information sharing.

“Symantec’s ability to secure outcomes for customers is largely a function of being able to see more, so we can analyze more,” Brown said during his remarks on the panel. “We’ve seen that sharing information works and, frankly, we’d like to do this on a more consistent basis with the government as well.”

With our lives becoming more digital, cyber crime is on the rise. Experts at the White House Summit on Cybersecurity and Consumer Protection at Stanford on Feb. 13 discussed ideas for tackling payment security concerns and moving beyond passwords, while President Obama called for greater private-public sector collaboration on cybersecurity.

President Obama on Friday called on Silicon Valley and corporate America to collaborate with the government on cybersecurity, and signed an executive order that would promote the sharing of information on threats or attacks between government and the private sector.

Between the lawsuits filed this week in the hack of the nation’s second largest health insurer, Anthem, Inc., and the White House Summit on Cybersecurity and Consumer Protection at Stanford on Friday, cybersecurity dominated the conversation this week in Silicon Valley.

Company executives and others who attended the White House Summit on Cybersecurity and Consumer Protection are far from agreement when it comes to embracing the idea of information-sharing with the government.

President Obama on Friday called on Silicon Valley and corporate America to collaborate with the government on cybersecurity, and signed an executive order that would promote the sharing of information on threats or attacks between government and the private sector.

Speaking at a White House Summit on Cybersecurity and Consumer Protection held at Stanford University, the President said, “There’s only one way to defend America from these cyber-threats, and that is through government and industry working together, sharing appropriate information as true partners.”

The move is aimed at preventing the kind of recent security breaches at Sony Corp., Target Corp., Anthem Inc. and other companies that have jeopardized the private information of millions of Americans.

Students gather on the Stanford campus, where President Obama signed an executive order on cybersecurity on Feb. 13. (Ann Grimes/Peninsula Press)

With business online transactions worth over a trillion dollars per year, the President said that making cyberspace safer is intrinsic to the economy and the U.S. as the world’s innovation engine.

The rapidly changing nature of the arms race between hackers and those trying to defend information online, makes the cyber-world a “wild, wild West” where government is asked to be “the sheriff,” said Obama. He acknowledged the tough challenges government faces in balancing the fight against cybersecurity threats with protecting individual’s privacy.

“It’s hard, and it constantly evolves because the technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical,” Obama said.

The President kicked off his remarks at the summit in a light tone with jokes aimed at an audience packed with Stanford students, faculty and Silicon Valley A-listers.

“This is the place that made ‘nerd’ cool,” Obama said, to applause and laughter. The President then assured the audience of his concern about the efficacy of passwords to protect vital information.

“It’s just too easy for hackers to figure out usernames and passwords like ‘password’ or 12345senate,’” said the President, jokingly. “Those are some of my previous passwords. I’ve changed them since then.”

The President’s remarks came after business leaders, including Apple Inc.’s Chief Executive Officer Tim Cook, discussed the need for increased and speedy collaboration within the private sector and with government. Cook said that consumers entrust companies such as Apple with “their most personal and precious information.”

He added: “We owe them nothing less than the best protections … We must get this right.”

Cook also said privacy protection extends beyond the realm of finance.

“We still live in a world where all people are not treated equal,” said Cook, who last year publicly acknowledged that he is gay. “Too many people do not feel free to practice their religion, or express their opinion, or love who they choose — a world in which that information can make the difference between life and death.”

The President’s order will pave a way for the private sector to gain easier access to information about cybersecurity threats held by the federal government. Conversely, the order encourages the set up of hubs of information and analysis that private companies could use to communicate about any breaches they detect.

Campus security was tight during President Obama’s visit at Stanford University on Feb. 13. (Ann Grimes/Peninsula Press)

As part of ramping up its efforts to disrupt more cyber attacks, the White House also announced this week the creation of a Cyber Threat Intelligence Integration Center whose objective will be to collect and share this type of information across government.

Obama got a warm reception from the Stanford crowd. But some members in the audience said they wanted to hear more specific solutions on how to eliminate mass breaches and revolutionize the process of ID authentication.

Steve Kirsch, founder and chief technology officer of OneID, a local cyber security company, said government could help deploy alternative technologies — such as digital signatures — that could help reduce hacks.

“If you are breaking into a computer today it’s like breaking into a piggy bank for an experienced hacker,” said Kirsch. “We want it to be as hard to break into a computer as it is to break into a bank vault. And nothing that we’ve heard today changes that thing, and until we do that we haven’t locked the front door, it’s really easy to break into the piggy bank.”

Peninsula Press’ Katharine Schwab contributed to this story.

]]>0Alex Hickshttp://peninsulapress.com/?p=35402015-03-03T00:19:55Z2015-02-13T22:11:47ZBetween the lawsuits filed in the hack of the nation’s second largest health insurer, Anthem, Inc., and the White House Summit on Cybersecurity and Consumer Protection at Stanford on Friday, cybersecurity dominated the conversation this week in Silicon Valley.

The public, however, is also facing concerns about privacy invasions from a source they might never suspect: their own televisions.

Samsung Electronics Co. came under fire this week after it was reported that the company’s new smart TVs could “listen” to viewers’ private conversations.

The Smart TVs feature a voice-recognition system that allows users to give verbal commands to the television, which customers and analysts worry could potentially be used to record private conversations and even share the information with a third party.

The system, designed for improved “ease of use” is activated either by issuing specific commands such as “change the channel” or “increase volume” into a microphone on the remote control, or by clicking the activation button. Users, however, still worry that the system could pick up sounds other than those intended for the television.

Public outrage on social media caused Samsung to address the worries directly on the company’s blog.

Samsung’s policy cautions customers to “please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

A Feb. 10 post on the company’s blog entitled “Samsung Smart TVs Do Not Monitor Living Room Conversations,” stated that the voice recognition program could only pick up certain predetermined commands such as “increase the volume” or “change the command.”

Samsung further attempted to reassure customers that all data was encrypted. The company updated its privacy policy to state that Samsung will only collect interactive voice commands when users make a “specific search request,” which may be transmitted to the third-party service provider Nuance Communications, Inc. The company assured customers that their information would only be used to evaluate and improve voice recognition features.

The company’s efforts, however, failed to silence critics.

Electronic Frontier Foundation activist Parker Higgins, for example, tweeted a side-by-side photo comparing Samsung’s privacy policy to George Orwell’s dystopian novel “1984.” His remarks have been retweeted more than 20,000 times in fewer than five days.

Parker Higgin’s tweet has been favorited 9,000 times and retweeted more than 20,000 times since Feb. 8. (Peninsula Press screenshot)

The controversy even pushed U.S. Senator Al Franken (D-Minn.) to question the company’s policies. In a letter Feb. 11 letter to North America Chief Executive Officer Gregory, Franken wrote: “I am concerned that Samsung currently does not provide consumers with the information needed to understand how their voice data may be used by third parties.”

Sen. Franken sent a similar letter on Feb. 10 to LG Corp.’s U.S. President William Cho. LG is one of a number of companies whose smart televisions also feature voice-recognition technology. Franken claimed that the company’s privacy policy was unclear as to whether they shared data with a third party. The policy urges users to “be aware that if your spoken word includes personal or other sensitive information, such information will be among the Voice Information captured through your use of voice-recognition features.”

LG did not respond to a request for comment. But Samsung representatives say there is no cause for concern.

“Samsung does not retain voice data or sell it to third parties,” a Samsung spokesman told ABC News. “If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.”

Some technology analysts back up Samsung’s claims. For instance, Forbes technology contributor John Archer said in a Feb. 12 article:

“It’s hugely important to stress … that Samsung TVs don’t even start listening to you at all unless you fire their listening abilities up by using a keyword or, on some models, pressing a mic button on the control. So they’re not constantly sat [sic] there listening to every word you say.”

Still, in a climate of cybersecurity alert, companies like Samsung will likely have to work to regain customers’ trust.

“I feel a bit annoyed that … it wasn’t made clear to me in advance of buying the TV,” said smart TV owner Peter Kent in an interview with the BBC. “It makes me think twice.”

Speakers at Friday’s White House Summit on Cybersecurity and Consumer Protection held at Stanford University say they are equally committed to ensuring users’ privacy.

“If we don’t do everything we can to protect privacy, we risk more than money,” Apple Chief Executive Officer Tim Cook said. “We risk our way of life.”

]]>0Carolina Wilsonhttp://peninsulapress.com/?p=35022015-03-03T00:20:02Z2015-02-13T08:00:07ZLaunching the White House Summit on Cybersecurity and Consumer Protection on Thursday, a research symposium hosted by Stanford University’s School of Engineering suggested that while the human relationship with cyberspace will continue to strengthen, educating the cybersecurity workforce and addressing consumer privacy should be the focus of our attention.

John Holdren, assistant to the President for science and technology, made clear in his opening remarks that the discussion about current issues with and the future outlook of cyberspace is important because it touches every part of daily life.

(Graphic courtesy of Stanford School of Engineering.)

While Holdren acknowledged the innovations that have emerged from the Internet as a technological platform, he expressed concern about how public and private goods and services, for example, are also at risk through that same platform.

“Cyberspace is an asymmetric battleground,” Holdren said. “It is unfortunately easier for criminals and hackers to penetrate and disrupt our networks than it is for us to defend them.”

To address these issues, Holdren said President Obama’s administration has developed five priorities to shape the federal government’s response to this challenge. The first three, he said, are the most immediate and pressing concerns, while the fourth and fifth priorities look to the future:

Protecting the country’s information systems and other cyber-dependent critical infrastructure from intrusions and attacks.

Improving the ability of the government, private sector and civil society organizations to share information about cyber intrusions on a time scale that is consistent with an effective response.

Engaging with international partners to build support for an open and reliable cyberspace.

Reshaping the security landscape in cyberspace by developing a cybersecurity workforce that possesses the essential knowledge and skills.

Holdren emphasized that acquiring talented and motivated individuals to step up to the challenge of working within this field is a crucial first step.

“We are only going to find and motivate enough such individuals if we tap the nation’s entire talent pool, including women and girls and individuals from other groups historically underrepresented in STEM fields,” Holdren said.

In fact, Holdren mentioned that the demand for cybersecurity researchers and practitioners is growing 12 times faster than the job market as a whole.

Symposium panelist Larry Kramer, president of The William and Flora Hewlett Foundation, agreed that cybersecurity education is key. The Hewlett Foundation has funded research at Stanford University, MIT and Berkeley.

“We recognize it’s as important to begin to generate a talent pipeline, to create educational opportunities,” Kramer said. “And the universities are the places you have to go to do it.”

But, even if the cybersecurity workforce is larger and smarter, privacy remains a concern for the average Internet user.

Parisa Tabriz, symposium panelist and lead of Google Chrome’s security team of hired hackers, said the issue of privacy is a personal one. This specificity may make it difficult to ensure satisfaction of one type of privacy for every individual.

“I want to emphasize the human component to this problem,” Tabriz said. “Privacy is so personal and so specific to culture and your specific situation.”

Panelist Cynthia Dwork, a distinguished scientist at Microsoft specializing in private data analysis, suggested that perhaps privacy is being thought of in the wrong way. Dwork said people should “question every assumption” and that although there is concern about being treated unfairly, privacy is not necessarily the solution concept to ensure fairness.

Panelist John Mitchell — professor of computer science and vice provost for teaching and learning at Stanford University — frequently deals with the cross-section of cyberspace education and concerns of cyberspace privacy.

Mitchell said Stanford has been involved in expanding educational opportunities by combining online learning activities for individuals via free public courses, from which data can be collected regarding the learning patterns of individuals.

But, it’s “a balancing act.” There is tension between making data available and protecting the privacy of individuals.

“As technology evolves and new ways of collected data evolves, we need a social process around that so that as users of systems can become comfortable with the data collection,” Mitchell said, “and also we can begin to articulate the kind of boundaries that we don’t want to cross and ways that the data could be used.”